CVE-2018-1274

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*

History

25 Jul 2022, 18:15

Type Values Removed Values Added
References
  • (N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

Information

Published : 2018-04-18 16:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-1274

Mitre link : CVE-2018-1274

CVE.ORG link : CVE-2018-1274


JSON object : View

Products Affected

pivotal_software

  • spring_data_commons
  • spring_data_rest
CWE
CWE-770

Allocation of Resources Without Limits or Throttling